We announced a redesign of our Privacy Settings page today to make it simpler for people to control how public or private they want to be through Facebook. These changes, along with the updates we released at f8, give your users better visibility and choice when they authorize your application.
At f8, we announced a new data model and authentication dialog for Platform. With this new data model and today's changes, users who authorize your application will share their user ID, name, profile picture, gender, networks, friend list, and the parts of the profile set to Everyone. If your application needs any private information from a user's profile, you will need to ask for explicit permission using the new set of data permissions. This level of transparency helps build user trust by offering people greater understanding of what data they share and how it will be used.
All applications created since f8 already use this new data model. You can manually upgrade your older application to use the new data model now in the Developer application. Since many of you have requested more time to test and optimize how you use the new permissions dialog, we won't automatically upgrade existing applications and websites until June 30, 2010. We encourage you to still get started soon to make sure your code works with these changes.
To upgrade your application to the new data model, edit its settings in the Developer application. On the Migrations tab, enable "New Data Permissions." You do not need to upgrade to OAuth 2.0 to use these new permissions or the new dialog.
You should try the new data model in a test application first to determine if you need to ask for additional data permissions for your application to work properly. For example, if your application needs to access the user's photos, you should ask for the new user_photos permission in addition to the other extended permissions your application may already be requesting.
In response to user feedback around simpler controls, we're introducing an option for people to turn off Platform altogether, and remove their access to all integrations from their privacy page. Users will have multiple opportunities to turn Platform back on. For example, when users who have turned off Platform click a Facebook login button in your application, they will be prompted to turn Platform back on before they can continue. Likewise, social plugins will not show any personalized content for these users until they click a "Turn Platform on" button on the plugin.
We added a few clarifications in our simplified data policies to help address some confusion around your rights and responsibilities with respect to user data. For example, our removal of the 24-hour caching policy eliminated a technical burden but does not change the rights you have to data, which continue to be subject to explicit user consent.
Just as our suite of social plugins offer new ways for users to see social context across the Web without sharing any data, our recent data changes greatly improve user transparency and simplify the Facebook Platform development experience. We hope you start migrating your applications to the new permissions model and let us know your feedback in the Developer Forum.
Bret, head of Facebook Platform products, is working with you to build a great user experience on Platform.